CVE-2025-52809: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in John Russell National Weather Service Alerts
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Russell National Weather Service Alerts allows PHP Local File Inclusion. This issue affects National Weather Service Alerts: from n/a through 1.3.5.
AI Analysis
Technical Summary
CVE-2025-52809 is a high-severity vulnerability classified under CWE-98, which involves improper control of filenames used in PHP include or require statements. This vulnerability affects the John Russell National Weather Service Alerts software, versions up to 1.3.5. The flaw allows an attacker to perform PHP Local File Inclusion (LFI), potentially enabling them to include and execute arbitrary files on the server. This can lead to full compromise of the affected system, including unauthorized access to sensitive information, modification of data, and disruption of service. The vulnerability arises because the application does not properly validate or sanitize user-supplied input used in file inclusion functions, allowing an attacker to manipulate the filename parameter to include unintended files. The CVSS v3.1 score of 8.1 reflects the high impact on confidentiality, integrity, and availability, with network attack vector, no privileges required, no user interaction, but high attack complexity. Although no known exploits are currently reported in the wild, the nature of this vulnerability makes it a critical risk if exploited. The affected product is used for disseminating weather alerts, which are critical for public safety and emergency response, increasing the importance of securing this software.
Potential Impact
For European organizations, especially governmental agencies, meteorological services, emergency response units, and critical infrastructure operators relying on the John Russell National Weather Service Alerts software, this vulnerability poses a significant risk. Exploitation could allow attackers to execute arbitrary code on alert dissemination servers, potentially leading to manipulation or disruption of weather alerts. This could cause misinformation or failure to deliver timely warnings, directly impacting public safety and emergency preparedness. Additionally, attackers could gain access to sensitive operational data or use compromised servers as footholds for further attacks within organizational networks. The disruption of such critical services could have cascading effects on transportation, energy, and public safety sectors across Europe.
Mitigation Recommendations
Organizations should immediately audit their deployments of the John Russell National Weather Service Alerts software to identify affected versions (up to 1.3.5). Since no official patches are currently available, temporary mitigations include implementing strict input validation and sanitization on all user-supplied parameters used in file inclusion functions. Employing web application firewalls (WAFs) with rules to detect and block suspicious file inclusion attempts can help reduce risk. Restricting file system permissions to limit the PHP process's access to only necessary directories can minimize potential damage. Monitoring logs for unusual file access patterns or errors related to file inclusion is critical for early detection. Organizations should engage with the vendor or community for updates and patches and plan for prompt application once available. Additionally, isolating alert systems from broader networks and enforcing network segmentation can limit attacker lateral movement if exploitation occurs.
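One way to implement the input-validation mitigation described above, given as an added example that is not code from the plugin or from this advisory: the request only selects a key from a fixed allowlist, and the resolved path is checked to stay inside one directory before it is included. The `view` parameter, the `views/` directory and the file names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout: the allowlist keys, file names and the
// 'view' parameter are assumptions, not taken from the plugin's source.
const NWS_VIEWS = [
    'basic' => 'basic.php',
    'full'  => 'full.php',
];

/**
 * Map a user-supplied view name to a file inside $baseDir.
 * Returns the absolute path, or null when the request must be rejected.
 */
function resolve_view(string $requested, string $baseDir): ?string
{
    // 1. Allowlist: the request selects a key; it never contributes path text.
    if (!array_key_exists($requested, NWS_VIEWS)) {
        return null;
    }

    // 2. Containment: resolve symlinks and confirm the target is under $baseDir.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . NWS_VIEWS[$requested]);
    if ($path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Request handling: reject non-string input, log the rejection, include only a vetted path.
$requested = isset($_GET['view']) && is_string($_GET['view']) ? $_GET['view'] : 'basic';
$path = resolve_view($requested, __DIR__ . '/views');
if ($path === null) {
    http_response_code(400);
    error_log('rejected view name: ' . json_encode($requested));
    exit;
}
require $path;
```

The rejection log line also gives the monitoring recommendation something concrete to alert on.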
Affected Countries
United Kingdom, Germany, France, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Norway
Technical Details
- Data Version: 5.1
- Assigner Short Name: Patchstack
- Date Reserved: 2025-06-19T10:03:36.790Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 685e88efca1063fb875de536
Added to database: 6/27/2025, 12:05:03 PM
Last enriched: 6/27/2025, 12:23:33 PM
Last updated: 8/1/2025, 4:31:16 AM